A New HOPE (2022): "Tracking Android Malware and Auditing App Privacy for Fun and Non-Profit" (Download)
Friday, July 22, 2022: 5:00 pm (Little Theatre): Our devices are a window into our souls, and contain a vast trove of information that is valuable to both data-driven big business and hackers alike. On the surface, a popular social media app promoted on the Google Play Store and a piece of malware side-loaded onto a device may seem very different. From the perspective of reverse engineers and analysts of Android apps, however, the tools and methodologies are the same. Using a combination of static and dynamic analysis, we can begin to understand the behavior of apps that are installed on our devices, and see exactly what data they are siphoning and sending out.
In this talk, Bill will cover the tools, techniques, and device configurations used to conduct a privacy audit of a popular app or a behavioral analysis of a piece of malware. Drawing from his investigation of the popular Ring doorbell app to his more recent work dissecting a piece of malware which used Tor to discover a command and control (C2) server, this talk will be infused with real-world research and examples of both. In addition, the "apkeep" tool developed at EFF provides a powerful addition to the toolbox for anyone interested in downloading apps from various sources and app markets. Finally, he'll present a configuration of a single Android device that can do real-time interception of encrypted network communication from apps run on it while on-the-go, which can be useful for when apps change based on location or user behavior.
If your interest is in reverse-engineering Android malware, in auditing the sensitive information which is habitually gathered by ostensibly legitimate data-driven businesses, or just in learning a little more about the world of app analysis, this talk will have something for you.